General header fields   Entity header fields   Response header fields   Request header fields
Accept                  Content-Encoding       Allow                    Authorization
Accept-Encoding         Content-Length         Proxy-Authenticate       Contact
Accept-Language         Content-Type           Retry-After              Hide
Call-ID                                        Server                   Max-Forwards
Contact                                        Unsupported              Organization
Cseq                                           Warning                  Priority
Date                                           WWW-Authenticate         Proxy-Authorization
Encryption                                                              Proxy-Require
Expires                                                                 Route
From                                                                    Require
Record-Route                                                            Response-Key
Timestamp                                                               Subject
To                                                                      User-Agent
Via

Session description
  Type  Description
  v     Protocol version
  o     Owner/creator and session identifier
  s     Session name
  i*    Session information
  u*    URI of description
  e*    Email address
  p*    Phone number
  c*    Connection information - not required if included in all media
  b*    Bandwidth information
  z*    Time zone adjustments
  k*    Encryption key
  a*    Zero or more session attribute lines

Time description
  t     Time the session is activated
  r*    Zero or more repeat times

Media description
  m     Media name and transport address
  i*    Media title
  c*    Connection information - optional if included at session level
  b*    Bandwidth information
  k*    Encryption key
  a*    Zero or more media attributes

[Figure: MSC SIP_BASIC. Participants: Endpoint1, Endpoint2. Message shown: INVITE.]

[Figure: MSC SIP_PROXY. Participants: Endpoint1, Proxy, Location, Proxy, Endpoint2. Messages shown: INVITE, 100 Trying, Location info req, Location info, 180 Ringing, 200 OK, ACK.]

[Figure: MSC SIP_REDIRECT. Participants: Endpoint1, Redirect, Location, Proxy, Endpoint2. Messages shown: INVITE, 302 Moved Temp, Location info req, Location info, 180 Ringing.]

Access Control              Restricting access to resources to privileged entities.
Authentication              Corroboration of the identity of an entity or the source of information (data origin authentication)
Authorization               Conveyance, to another entity, of official sanction to do or be something
Anonymity                   Concealing the identity of an entity involved in some process
Availability                Accessibility of systems and information by authorized users
Certification               Endorsement of information by a trusted entity
Confidentiality or Privacy  Keeping information secret from all but those who are authorized to see it
Confirmation                Acknowledgement that services have been provided
Data integrity              Ensuring information has not been altered by unauthorized or unknown means
Non-repudiation             Preventing the denial of previous commitments or actions
Ownership                   A means to provide an entity with the legal right to use or transfer a resource to others
Receipt                     Acknowledgement that information has been received
Revocation                  Retraction of certification or authorization
Signature                   A means to bind information to an entity
Timestamping                Recording the time of creation or existence of information
Validation                  A means to provide timeliness of authorization to use or manipulate information or resources
Witnessing                  Verifying the creation or existence of information by an entity other than the creator

[Figure: encryption and decryption. Labels: (Encryption) key, (Decryption) key, Encryption, Ciphertext, Decryption, Plaintext.]

[Figure: keyed hash check. Labels: Message M, Key (K), Hash function, Transmission, Hk(M), Compare.]

INVITE sip:watson@boston.bell-telephone.com SIP/2.0$
Via: SIP/2.0/UDP 169.130.12.5$
To: T. A. Watson <sip:watson@bell-telephone.com>$
From: A. Bell <sip:a.g.bell@bell-telephone.com>$
Encryption: PGP version=5.0$
Content-Length: 224$
Call-ID: 187602141351@worcester.bell-telephone.com$
Content-Type: message/sip$
CSeq: 488$

Subject: Mr. Watson, come here.$
Content-Type: application/sdp$
$
v=0$
o=bell 53655765 2353687637 IN IP4 128.3.4.5$
s=Mr. Watson, come here.$
t=0 0$
c=IN IP4 135.180.144.94$
m=audio 3456 RTP/AVP 0 3 4 5$


INVITE sip:watson@boston.bell-telephone.com SIP/2.0$
Via: SIP/2.0/UDP 169.130.12.5$
To: T. A. Watson <sip:watson@bell-telephone.com>$
From: A. Bell <a.g.bell@bell-telephone.com>$
Encryption: PGP version=5.0$
Content-Type: application/sdp$
Content-Length: 107$
Call-ID: 187602141351@worcester.bell-telephone.com$
CSeq: 488$

v=0$
o=bell 53655765 2353687637 IN IP4 128.3.4.5$
c=IN IP4 135.180.144.94$
m=audio 3456 RTP/AVP 0 3 4 5$

The "where" column describes the request and response types with which the header field can
be used. "R" refers to header fields that can be used in requests (that is, request and general
header fields), "r" designates a response or general-header field as applicable to all responses.

The "enc." column describes whether this message header field MAY be encrypted end-to-end.
An "n" designates fields that MUST NOT be encrypted, while "c" designates fields that
SHOULD be encrypted if encryption is used.

The "e-e" column has a value of "e" for end-to-end and a value of "h" for hop-by-hop header 
fields. 

Other header fields may be encrypted or may travel in the clear as desired by the sender. The 
Subject, Allow and Content-Type header fields will typically be encrypted. The Accept, 
Accept-Language, Date, Expires, Priority, Require, Call-ID, Cseq, and Timestamp header fields 
will remain in the clear. 
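
The split described in the paragraphs above, as an added example (not code from the original document). The two header lists are taken from the text; the function and parameter names are hypothetical, the sample INVITE is constructed from the one on this page, and no PGP operation is performed.

```python
# Added example. The two policy sets are copied from the paragraph above;
# function and parameter names are hypothetical, and no cipher is applied.
TYPICALLY_ENCRYPTED = {"subject", "allow", "content-type"}
REMAIN_CLEAR = {"accept", "accept-language", "date", "expires", "priority",
                "require", "call-id", "cseq", "timestamp"}

# Constructed sample, modelled on the INVITE shown on this page (SDP shortened).
SAMPLE = (
    "INVITE sip:watson@boston.bell-telephone.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 169.130.12.5\r\n"
    "To: T. A. Watson <sip:watson@bell-telephone.com>\r\n"
    "From: A. Bell <sip:a.g.bell@bell-telephone.com>\r\n"
    "Call-ID: 187602141351@worcester.bell-telephone.com\r\n"
    "CSeq: 488\r\n"
    "Subject: Mr. Watson,\r\n"
    " come here.\r\n"          # folded header: continuation line
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "m=audio 3456 RTP/AVP 0 3 4 5\r\n"
)

def split_for_encryption(raw, also_encrypt=()):
    """Return (clear_lines, inner_plaintext) for one SIP request.

    also_encrypt names further headers the sender chooses to hide.
    """
    extra = {name.lower() for name in also_encrypt}
    forbidden = extra & REMAIN_CLEAR
    if forbidden:
        raise ValueError("must remain in the clear: " + ", ".join(sorted(forbidden)))
    head, _, body = raw.partition("\r\n\r\n")
    start_line, *header_lines = head.split("\r\n")
    clear, hidden = [start_line], []
    target = clear
    for line in header_lines:
        if not line.startswith((" ", "\t")):      # new header, not a continuation
            name = line.split(":", 1)[0].strip().lower()
            target = hidden if name in TYPICALLY_ENCRYPTED | extra else clear
        target.append(line)
    # The block handed to the cipher is a small message of its own:
    # the hidden headers, an empty line, then the body.
    inner = "\r\n".join(hidden) + "\r\n\r\n" + body
    return clear, inner

clear, inner = split_for_encryption(SAMPLE)
print("\n".join(clear))
print("--- to be encrypted ---")
print(inner)
```

Header names are matched case-insensitively, so "Cseq" and "CSeq" are treated alike, and a request to hide a header from the remain-in-the-clear list is rejected.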



Header               where          enc.  e-e
Accept               R/r                  e
Accept               415                  e
Accept-Encoding      R/r                  e
Accept-Encoding      415
Accept-Language
Accept-Language      415
Alert-Info           R
Allow                200                  e
Allow                405                  e
Authorization        R/r
Call-ID                                   e
Contact                                   e
Contact                                   e
Contact
Contact              3xx
Contact              485                  e
Content-Disposition
Content-Encoding
Content-Length
Content-Type
CSeq                 gc
Date                 g
Encryption           g
Expires              g
From                 gc
Hide                 R
Max-Forwards         R
MIME-Version         g
Organization         g
Priority             R
Proxy-Authenticate   401, 407
Proxy-Authorization  R
Proxy-Require        R
Record-Route         R
Record-Route         2xx,401,484
Require              g
Response-Key         R
Retry-After          R
Retry-After          404,480,486
                     503
                     600,603
Route
Server
Subject
Support
Timestamp
To                   gc(1)
Unsupported          420
Unsupported          R
User-Agent           g
Via                  gc(2)
Warning              r
WWW-Authenticate     R/401

INVITE sip:watson@boston.bell-telephone.com SIP/2.0
Via: SIP/2.0/UDP 159.130.12.5
Authorization: PGP version=5.0, signature=...
From: A. Bell <sip:a.g.bell@bell-telephone.com>
To: T. A. Watson <sip:watson@bell-telephone.com>
Call-ID: 187602141351@worcester.bell-telephone.com
Subject: Mr. Watson, come here.
Content-Type: application/sdp
Content-Length: ...

v=0
o=bell 53655765 2353687637 IN IP4 128.3.4.5
s=Mr. Watson, come here.
t=0 0
c=IN IP4 135.180.144.94
m=audio 3456 RTP/AVP 0 3 4 5


INVITESIP/2.0From: A. Bell <sip:a.g.bell@bell-telephone.com>
To: T. A. Watson <sip:watson@bell-telephone.com>
Call-ID: 187602141351@worcester.bell-telephone.com
Subject: Mr. Watson, come here.
Content-Type: application/sdp
Content-Length: ...

v=0
o=bell 53655765 2353687637 IN IP4 128.3.4.5
s=Mr. Watson, come here.
t=0 0
c=IN IP4 135.180.144.94
m=audio 3456 RTP/AVP 0 3 4 5





[Figure: User A and SIP Server. Messages, in order: Register; 401 - Unauthorized (WWW-Authenticate: ...); Register (Authorization: ...).]

[Figure: User A and SIP Proxy Server. Messages, in order: INVITE; 407 - Proxy Authorization (Proxy-Authenticate: ...); INVITE (Proxy-Authorization: ...).]

[Figure: terminal architecture. Block labels: Telephony Application; Application Interface; Media Interface; SIP Signalling Stack; H.323 Signalling Stack; Protocol interface; Network interface; Network wrapper/Parser; Security Terminal interface (SST); Security Media interface (SSM); Security Manager Application interface (SMA).]

[Figure: MSC SEC_UA_UA_SEND_SUCCESS. Participants: PGP, SecurityManager.]

[Figure: MSC SEC_UA_UA_INCOMING_SUCCESS. Participants: SIP, PGP, SecurityManager (Security Manager). Legible message labels: sst_getSecurityCapability, send_www_authenticate, 401_Unauthorized, INVITE (Authorized), ssa_authorize_SIPMessage, ssa_authenticate_SIPMessage, ssa_decrypt_SIPMessage. The remaining labels, including the ..._encrypt_SIPMessage calls and a note beginning "New invite with", are cut off.]

Receiving terminal
Security Manager receives an invite. The security parameters are checked and a new invite is
requested.
  TASK_SecurityManager_Invite
  TASK_SecurityManager_send_www_auth

Sending terminal
The terminal has sent an invite and received a 401 Unauthorized response. It makes a new
authorized invite message and sends it.
  TASK_SecurityManager_authorization_reqd